/WannaCry/ WannaCry General

>>60399046
what's so interesting about their addresses?

>>60399046
Tutorial on how to change the BTC address and roll your own version when.
I wonder if the number of addresses will multiply exponentially soon.

File: Windows 10 tcpdump.webm (3MB, 1280x648px) Image search: [Google]

3MB, 1280x648px

>>60399046
wannacry is the least of your problems winfags

>>60399046
I wanna be the guy

>>60399046
can someone give me a link to wannacry
wanna test it in a vm

>>60399046
are macs safe?

Does paying the ransom actually unlock the files?

>>60399307
of course :)

>>60399292
only if you suck dick on a daily basis

>>60399307
It causes your ass to implode.

>>60399220
Woah a bunch of numbers, I'm scared

File: 1494186476735.jpg (601KB, 1200x628px) Image search: [Google]

601KB, 1200x628px

>>60399307
>letting them know you REALLY NEED those files

>>60399307
It apparently does with other ransomware. No clue if this one does.

>>60399340
shit, i was scared for a second there

File: privacy.jpg (86KB, 400x684px) Image search: [Google]

86KB, 400x684px

>>60399220

You idiots using Windows, you are using an already backoored OS you niggers
>>>/wsg/1688307

>>60399279
anyone?

>>60399140
We can assume their profit through it.

>>60399220
does the start menu need to make tcp connections??????????

>>60399498
>Windows 10
Not my problem :^)

>>60399307
after you pay the ransom pay less than a third of the ransom for an external hdd and start backing your shit up like a responsible computer owner

File: Doom-Paul-01.png (109KB, 449x548px) Image search: [Google]

109KB, 449x548px

>>60400029
it is if you enable updates on windows 7 through 8

>>60400857
>enabling automatic updates after Microshaft tried pushing no-ask """upgrades""" on its users once

>not just auditing security updates and installing them from wusaoffline

lol :^)))))))

File: help.jpg (2MB, 1918x1062px) Image search: [Google]

2MB, 1918x1062px

HELP

>>60400001
To download the recommended Candy Crush ads.

>>60399353
low level damage control

What happens if I am on a starbucks wifi and I have this on my laptop?

>>60400944
Nothing because everyone else will be using a Mac, iPad, or iPhone

Someone give me the script

>>60400952
...and linux.

>>60401057
>banned for "hacking"

>>60399498
>RSA_Decryptor
I don't think that's how it works, but I don't know enough about RSA to dispute it.

>>60400944

https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/

This actually explains how it works quite well.


If they setup the Wifi right, the Guest network won't be able to touch anything inside of Starbucks. It will however try to exploit other machines in on the wifi. Someone running a Windows PC unpatched for the exploit would then get the virus as long as the PC was on and connected to the same wifi. They would then take the PC home or back to the corporate network and the process starts again.

It would hit corporate and government systems mostly. They usually hold patches until they can be approved through a testing process. The average person clicking next and default through their setup options probably have automatic updates setup already.

>>60401135
There's 2 ways it could work:
>RSA_Decryptor knows Microsoft's super secret spyware RSA private key
>RSA_Decryptor is actually a time-travelling quantum computer from the future

Is there any source to the claim that people have forked the ransomware and taken out the killswitch?

>>60401409
>Someone found our killswitch
>Well, we're done here
Said no hacker ever.

>>60401421
Well yeah, no shit. I just want someone with le degree saying it so I can link it to normalfags and keep them scared.

>>60401432
When the next hospital or something gets hit then they'll have a scary news story.

>>60399220
What's this program?

>>60401477
probably tcp dump or whatever on the router

you can just use wireshark to get the same thing

File: 제목없음.png (14KB, 547x407px) Image search: [Google]

14KB, 547x407px

Updated :It's now 52000$

>>60403120
https://pastebin.com/JZHZkyWe
Here's the sauce
Check it yourself

>>60403120
why does your OS use inflation symbols instead of backslashes?

>>60399157
The exploit will be patched soon anyway, you're not going to have time to spread it.

>>60399307
people wont fall for it if everyone think it's a scam

(well, actually it's a scam

>>60399046
>only USD 46433
Not too much tbqh considering it probably costs quite a fair bit to run an operation of this scale, didn't original CryptoLocker make much much more?

>>60403213
I'm using Korean language pack, so backslash is replaced with inflation symbols.

>>60403243
After some scams people just stopped paying for it.

>>60403269
Original Crilock had C2 servers raided and keys made public due to author incompetence, nothing else.

Good thread. It's 10:40 in Europe right now, so a lot of money should come in shortly.

$50000 is not so bad for an exploit they didn't have to discover themselves

>>60403331
Considering it's >muh biggest cyber hacker attack and >over 160 countries, yeah it is. Original crilock made MUCH more, millions+

>>60403352
>muh biggest cyber hacker attack and >over 160 countries
Who said that? Surely not the malware authors.

>>60403326

The funny thing is they are not using personalized wallet adresses for each victim so it's impossible to determine who paid the ransom and who didn't. I doubt they have any plans to decrypt the files.

>>60403363
Swedish media, at least. It's pure trash though, so I don't know what I expected.
>>60403368
kek fucking clowns, somebody managed to register a domain used as a c2 before they did
You don't even need one for this, can encrypt the individual file keys with an included pubkey (change modulus for each machine) and then make a decryptor service available upon paid ransom.

They should have made it WanaCum and blocked all adult content until you paid up

>>60403403
>upon paid ransom.
They don't know who paid the ransom.

So is it mostly Romanians made this worm?

>>60403403

>You don't even need one for this, can encrypt the individual file keys with an included pubkey (change modulus for each machine) and then make a decryptor service available upon paid ransom.

But they have no way of determining who paid the ransom because all the coins are pooling into couple a wallets.

For example I could see their transaction history and claim I was one of the addresses who sent them money and demand decryption even if I didn't pay.

I'm only hearing of this today. Some guy I spoke with had it but couldn't tell me what it's actually doing. What does it do except for be in your face?

Also typical that media outlets are saying it's [illegal] torrenting.

>>60399220
I guess it's mostly ads and weather updates

and stealing your data of course

>>60399046
>>60403120
Sorry I don't understand how this works, how are you guys tracking it? Can't people use it to trace it back to the ransomware creators?

>>60403673
It encrypts your files

>>60403419
>>60403508
No shit, but one could make a C2less ransomware was my point. Yet these people manage to fuck it up this badly.

>>60403418
Kek

>>60403765
Look up how bitcoin work

>>60401283
so the entry point is a open rdp session?

>>60403883
Am I understanding right that the addresses are nodes or the blockchains and you're just checking off those?

so. it's monday. did the wannacrapocalypse happen yet?

>>60399498
There are so many linux and mac bummers on /g/. I must have used about 20 + distros though the years.
One thing that is always a problem is GAMES.

>>60403996
wait few hours until burgers wake up

>>60399307
It usually does, since if they don't unlock shit after you pay, they lose the profit. Why give them your money AND still lose your files, when you can save the money since you'll lose your files anyway. They need to hold their part of the bargain, otherwise no one would bother paying

>>60404633
I imagine a bunch of scared and desperate people might still pay despite not getting their files back.

Can you get infected just by opening the email? or as long as you don't open the attachment you're safe?

File: 1492751010005.png (44KB, 332x356px) Image search: [Google]

44KB, 332x356px

Anyone know a good website where I can see stocks in real time? I want to see what this does to companies stocks and how much if any this will hurt Microsoft.

>>60404696
You can get infected by being on the same network as an infected computer.
How the first computer in a network gets infected is by the usual vectors.

But for large, unpatched networks like hospitals and businesses, it increases the risk of it getting into the local network.

Wtf, this is retarded, why do they turn off internet at arcade centers too?

>>60399046
Hey man can you update? Yuropoors are awake by now

>>60404707
Google finance

>>60404711
That I know, but I mean if you're an individual user that got the spam mail, can you get infected if you open the email but not the attachment? or are you safe as long as you don't open the attachment?

>>60400001
Have you even seen the functionality of Cortana?
It doesn't do anything until he starts typing, which is exactly what it should be doing. Cortana will search for relevant Internet results as well, if enabled.

>>60404711
I'm on the same internet as a lot of infected computers, why am I not infected yet?

>>60405089

Because you're probably patched. The image that you're on may have automatic updates applied, or you hit [tab] a million times when you were setting it up yourself.

If you want to be nice, though, tell your IT folks that you're ok. They'll take your shit and use it for forensic purposes. In fact, they'll probably take it anyway, so take off any files you don't want your boss to see.

>>60404959

I haven't seen a copy of it yet. It may be executed the moment you open it.

Don't get in the car with strangers.

So how much USA is going to pay for leaking this exploit and causing billions in damages to rest of the world?

>>60405171
zero my dude

>>60405089
>I'm on the same internet as a lot of infected computers, why am I not infected yet?
Probably because you have a router that is blocking incoming packets on port 445.

Welcome to the future people. Security patch Monday every week.

And holy shit the amount of smoke this has blown up up everyone ass. The RFC are non fucking stop.

We're talking midday server and desktop restarts across the board my boys! Patch patch patch like never before!

>>60405527
I would laugh if the sudden wave of updates caused microsoft's update servers to implode.

>>60405540

Too late. Reports yesterday of being unable to access Windows Update.

This is our modern age. The US invested heavily in computer offence, not realising that in a few years every other country would be able to do the exact same shit.
The NSA is a organisation that specialises in making computers less, rather than more secure. Which was an advantage when no other country had the resources or the expertise to run their own NSA, but now it is a disadvantage since the US does not have an agency (at all) that tries to make computers more secure.

File: 스크린샷, 2017-05-15 21-15-51.png (60KB, 466x495px) Image search: [Google]

60KB, 466x495px

>>60404924
>Yuropoors
>Poors
But they sent about 8000$.

>>60405540

Wouldn't be surprised given everyone is reviewing their infrastructure now. Literally pinging for anything and everthing. So far I've heard that a outwards facing rogue Windows 2003 server and two, two fucking blackberry servers were just sitting doing nothing because nobody knew they existed!

>>60403927
you are not clever, are you?

>>60405626

This is no surprise, really. Much as I hate Change Management, the Configuration Management portion of it really uncovered a shitton of stuff in our environment, including mail servers running on a box under someone's desk.

This was 12 years ago.

>>60405618
Is that from today? Not bad, he earns about 20k/day. Still laughably small amount for such damage but still good for some lowlife retard

File: 1475696690630.jpg (181KB, 490x427px) Image search: [Google]

181KB, 490x427px

Surely they can't spread ransomware through IoT devices, ri-right guys?

File: 149.jpg (12KB, 205x241px) Image search: [Google]

12KB, 205x241px

I can't open my fridge
help

>>60405704
If those IoT devices run windows, yes, yes and very yes.
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

>>60404651
Most people would ask someone who knows something about computers. 5 minutes of googling will show that the only way to get the files back is to pay and that they are at least honest enough to decrypt your files.

>>60405704
That's a great idea.
> backdoor an IoT device
> scan the network
> Execute payload

How are people even getting WannaCry? Email, torrents?

>>60405695

On the whole this makes my life easier as I've been trying to push out K*spersky, which has been mostly successful. However, there's a good number of laptops who have failed/err/unknown and the users who own them have been a right hassle to bring in since remoting doesn't work since KAV breaks SCCM if it fails to install correctly etc.

>>60403120
How can they tell one transaction from another to know which victim to unencrypt if they don't use unique adresses for each transaction?
Is it just a scam?

File: 5e8f6e0d3a029807dfe181dc3d160cf0.png (208KB, 740x651px) Image search: [Google]

208KB, 740x651px

>>60405704

>>60405726

underrated

What if I'm poor and can't pay them anything but a few indie games in my Steam inventory?

>>60405932

You hope that you've got a older cryptolocker and try to reverse it with Kaspersky's free decrypting tool.

Or restore from back up.

>>60405618
60k.
Not bad. Too bad their amateurish methodology means they have no idea how to touch those stashes without getting raped by any major intelligence agency.

>/g/ tells me to stop updating windows 7 because of the spying update
>/g/ tells me that I am a retard for not updating

This is seriously the worst fucking board

>>60405879

SMB exposed to the internet.

File: tumblr_nemy92wrku1sbaqxto1_1280.gif (240KB, 929x889px) Image search: [Google]

240KB, 929x889px

it is over right despite all the tech pros talking about new waves?

the outrage made people aware of the vuln, microsoft even released the patch for stuff like XP, the address was sinkholed, even a different address or no killswitch is not getting spread

>>60405979
>tfw win10 with all default telemetry shit and auto updates nothing turned off

I could literally download a virus on purpose and run it and be safe. All I had to do was give up all my freedoms.

>>60405979
You know you can update security updates without updating telemetry shit right?

>>60405782
If those IoT devices contain horribly out of date Linux kernels, yes, yes and very yes.

That and there are tons of IoT devices with little to no security so you don't even have to run exploits to get into them.

>>60405979
No, we gave you a list of updates not to install, not to stop updating altogether.

>>60405979

I always tell people to disregards /g/ advice on security or OS's. The fucking morons on this board think it is acceptable to use OSs designed to be used for cash registers like Windows POS.

Anyone who recommendations you to just use Common Sense: 2017 Edition or any derivatives alone is a retard. None, or hardly anyone has any actually security certs or experience here.

And yes, I am mad.

>>60405987
Wait, I'm dumb, so basically just being on the internet using Windows? That doesn't make sense to me.

>>60406032
That sounds stupid but ok, I'll update now since the kb 3068708 and a bunch of other updates are still waiting on the optional shit. I just don't know what's stopping them from relaunching that spying bullshit on a newer different update

>>60399046
>Only 5 addresses
How can they know who sent money to them?

I really want to put a windows machine on a dmz and see what happens, but I dont want to get my network infected.

>>60406167
>he thinks anyone has been decrypted

>>60406066

If you've got SMBv1 activated, yes. There's literally a metasploit module that'll allow any scriptkiddie to exploit this.

Am I still vulnerable after installing KD4012212 or can I stop caring about this shit yet?

>>60405979
Anyone who tells you to stop updating your OS is a fucking retard, full-stop. You should know better.

Leaving exploits unpatched for any OS is the fucking height of stupidity.

good info here
https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168

>>60403230
It already was patched... No one applied the security updates from last month...

>>60406355
The patches will be applied soon.

Where can I download it?

I want to test it on a vm

>>60399220
Cmon, this is a fucking tech board. If you haven't figured out how to disable that shit you need to go back to Facebook with all the other retards.

>>60406354

Cheers, passed it onto people who need it.

File: C_px2SbV0AAMEMZ.jpg (197KB, 1229x931px) Image search: [Google]

197KB, 1229x931px

>>60405704

>>60403250
Why are you Korean?

shame this virus doesn't work with smart-tv's.

Hi, are there any videos showing computers infected with this virus?

>>60405910
>what is lan

>>60406235
So I Googled how to turn it off and did it. My Windows Defender was disabled by myself long ago though, should I reenable it or is it just rendered moot due to the ransomware's actions?

>>60406771
if you're behind a router that's not forwarding port 445, you're already safe. not to mention the original strain of the malware has been disabled as a sinkhole domain was registered

File: pepeworry.jpg (7KB, 231x218px) Image search: [Google]

7KB, 231x218px

>>60406660
I dunno

>>60406660
Good question.

File: 148575270917869.jpg (28KB, 525x633px) Image search: [Google]

28KB, 525x633px

So just how easy is it to catch this virus?

Should I just stay off the internet completely?

>>60406850
New person that seems to have asked a lot of questions already:

>Update Windows
>Disable SMBv1

Now I'm trying to learn how to know if I'm forwarding port 445 ala this post >>60406809

>update windows
>installing updates please wait
>0% for the last half of hour

>>60406611
Who the fuck designed this? All of them could do much worse.
>pay or you can't close the fridge
>pay or the microwave will open the door and then run on full blast
>pay or the coffee brewer will burn up
>pay or the toaster will burn up
>pay or the door will lock you inside
>pay or the dishwasher will break your dishes
>pay or I'll heat the room to Infinity°C
>we don't want your money, we'll just drive your self-driving car into ongoing traffic and play nasheed from the wreck

>>60406921
It better hurry up. The clock is ticking, anon. It's coming for you.

File: ports.png (579KB, 731x270px) Image search: [Google]

579KB, 731x270px

>>60406891
>>60406809
Doesn't look like I'm forwarding anything.

>mild panic yesterday
>disable smb1
>try to copy some files today
>to a windows 2000 machine
>requires smb1
wat do?

>>60399157
do you want to go to jail for the rest of your life for a $1000 profit?
are you actually retarded?

>>60399243
Really? Become pretty much the most wanted malicious hacker for ~$100-200k? Interpol, Europol, various national agencies including the Russian government hunting you down. I think it's a pretty shit deal. I wouldn't consider doing something like this unless there's millions in it for me.

>>60399157
if you don't know how to do this, you don't belong in /g/.
if you actually plan to do this, you are retarded.

>>60407130
Whip out the ol' usb.

>>60406964
It needs a comedic umdertone for people to actually get the point if you just scare them they will simply stop thinking about it. At last this is my guess.

>>60406361
This. Anyone?

>>60408088
Check the github link.

File: 1441430936691.png (715KB, 629x758px) Image search: [Google]

715KB, 629x758px

Who could be behind it all, /g/?

>>60408137
Some script kiddie. This isn't organized crime.

>>60408167
I don't know a whole lot about cryptocurrencies, but shouldn't it be easy to find the guy from his Bitcoin address? Is it not like giving out your credit card number?

>>60408301
>I don't know a lot about cryptocurrencies
Should've stopped typing there.

>>60408301
Yes, except for the fact that this "credit card number" doesn't definitively resolve to a single person.

File: aliens.jpg (53KB, 500x438px) Image search: [Google]

53KB, 500x438px

>>60408137

>>60408137
Starved rusky subhumans.

Every single time.

File: Untitled.jpg (61KB, 1018x325px) Image search: [Google]

61KB, 1018x325px

Chinks gonna chink.

My important files are stored in the cloud. Only program files are stored locally. I'm safe.

>>60408137
Some people just want to see the world burn.

Do I have to care about this if I have the updates?

>>60408742
no

>>60408765
Cool.
So, why is it a problem to people if it has been already fixed?

>>60405905
>Is it just a scam?
yup

>>60408795
Because normies doesn't know how to update their os

File: 789f62f194cffcb52ba87881464069a39c84fdb28397ae5a7008ffbdc5ec950b.jpg (106KB, 1440x779px) Image search: [Google]

106KB, 1440x779px

>>60408137
it's not about the money (mostly)
it's about sending a message

>>60408811
Now that you say it,CommonSense2017 doesn't come packed with the machine.
I actually got a call from grandma
>Are you okay, I heard there was a cyberattack

>>60408795
It's mostly a problem to corporations because it's expensive to update thousands of computers from XP and its software.

>>60401477
duma, bash command prompt

File: 1489796898493.png (451KB, 718x904px) Image search: [Google]

451KB, 718x904px

>>60399046
>literally hit thousands of businesses and privater owners
>not even 50 grand in total
JUST

>>60406740
>what is phone notifications for ready tendies
How else are we gonna know?

>>60408795
Technically, as far as I can tell, it'll only need a little bit of changing around in the code before it's back up and running every week.

>>60409360
So it will attack relentlessly, every week if someone orders it?

>>60409270
>>not even 50 grand in total
>JUST
64k as we speak.

>>60409401
I mean, it's going to be completely broken eventually, but afaik the Windows update doesn't kill it off completely.

File: thekid.jpg (17KB, 1024x553px) Image search: [Google]

17KB, 1024x553px

>>60399243
>>60407255

File: kvn1494865858.jpg (255KB, 627x513px) Image search: [Google]

255KB, 627x513px

>>60409270
>>60409418

>>60409418
Still JUST as fuck. After hitting thousands of computers worldwide, one would expect at least something around 1MIL

>>60409441
>>60409444
I would've expected more, maybe around 500k, but we'll see how far they can get.

The Apple Macbook Pro with TouchID doesn't have this problem.

>>60409436
Now that's a version of wannacry I could get behind
encrypts all your files and embeds them in a picture of a cherry. Beat IWBTG to decrypt your files

>>60409463
>Beat IWBTG to decrypt your files
that'd be awesome

>>60408301
It depends on how they did it. Unlike a credit card number, a bitcoin address doesn't usually have a name or address in some centrally accessible database, so they'd have to track them via the IP associated with their bitcoin address.

But, there could be a number of ways to get around that, depending on how they're hosting the bitcoin wallet.

Android is a mobile operating system developed by Google, based on the Linux kernel and designed primarily for touchscreen mobile devices such as smartphones and tablets.

ANDROID BY GOOGLE DOES NOT HAVE PR0BLEMS

>>60409455
it will definitely grow more. there are many factors why they haven't got huge amount yet.
first of all most people and companies still waiting for the "fix" to get back their files. I think it's worth to wait, because this crypter works offline too, this means it has built in private key. so who knows, maybe it's pretty much possible to dump that private key(s).

>>60409621
I think it is a scam anyway, just look at the fact there are only 5 known BTC-addys.

>>60399220
Whoa l, look at all that completely normal traffic

>>60406809
No, there's also other vectors of attack. An IT dude from one of the affected UK hospitals said that the initial infection was via email. Avoid opening email from unknown/untrusted sources, avoid unknown/ untrusted webpages, downloads, etc.

>>60407380
Yes. Without that they'd just shrug it of as tinfoil shit.

>>60404707
If the ransom ware can actually decrypt the files then in theory this could cost microsoft at worst the demanded ransom.

>>60409621
>this crypter works offline too
it does? I thought it downloaded a tor client to phone home.

File: kvn1494869664.jpg (264KB, 626x516px) Image search: [Google]

264KB, 626x516px

>>60409441
65k has been made.

Who wants to bet that people will use this as an excuse to outlaw encryption?

>>60410473
Not only that.

1) get everyone on the (((safe))) Windows 10 ASAP
2) forced updates forever for everyone. No excuses, no exceptions
3) phase out sale of any HDDs and of SSDs larger than 256 GB to private persons, everyone should mandatorily store their data in TheCloud(tm) where it'll be "safe from ransomware"
4) restrict encryption use to military/government and related agencies "to thwart ransomware proliferation"

>>60410473
>>60410740
No. This will make people more concerned regarding backdoors, since they know things like this might happen.

>>60400900
why don't you just use arch if you are going to audit every single update

>>60410829
Kek no. Have you ever met normies? Bill Gates could personally shit in their mouths and they'd still use Windows.

>>60411080
Of course. But it will make people more wary of the "backdoors are okay" narrative, like they are of the "surveillance is okay", even if they quietly accept it.

>>60410740
>nobody can encrypt anything
>except hackers

Its like fucking gun laws all over again.